Files affected by virus removal

Some of the documents files got infected by a virus but they were deleted. However when I play any of the music files there is a background crackling sound. Any ideas why this is happening and how I can get rid of it?

I think it would be a very good idea to take heed of that warning and back up any data that you cannot easily restore from another source again eg. your emails, user-created images, documents, etc, favorites,

We will only be able to find out the type of files that may have been affected if you tell us the name of the virus that was eradicated from the computer, and how you eradicated it.

When you say that you "deleted" the virus, I can only assume that you used an AntiVirus software suite or one of the standalone virus fix tools. The tool won't necessarily have created a log file, but any antivirus program should have created a log file from which you will find out the name of the virus and possibly also what infected files were removed. Open the AntiVirus program and look for the options to read the log file.

Many antivirus programs will also "quarantine" infected files rather than just completely deleting them, but it depends on the user settings whether the quarantine area is used or not. You should be able to see what files have been quarantined from one of the antivirus user programs.

If you cannot find out any of these details, or if you just manually deleted files, then there is one option that I am always very hesitant to suggest. IF you know EXACTLY when the computer was infected, and if you have a restore point that dates BEFORE the infection, then performing a "system restore" MIGHT fix the problem. I rarely use System Restore, as it doesn't always work fully, and in your scenario you also risk the likelihood of restoring a virus again.

Correction:
>>> "You should be able to see what files have been quarantined from one of the antivirus user programs". <<<
should read:
>>> "You should be able to see what files have been quarantined from one of the antivirus user OPTIONS". <<<

The virus was the Trojan horse with extension name Lop.A. The infected files were stored in the virus vault but I deleted because they were temporary document files. Why keep files in quarantine anyway?

I am tempted to try to go to previous restore point. What would be lost if I go back to avery early restore point?

Merete

I did a system file scan which did not show up anything. I tried updating drivers but that did not help. I think we are dealing with some sort of virus infection. The question is can we avoid having to re-install windows XP. As well as the sound being distorted the computer has become slower.

What you would lose is anything you installed since then, such as programs, usernames, etc. and also if you changed any preferences, such as wallpaper, screen resolution, etc. For this reason you want to go back to a restore point that is before the start of the problem, but not too many weeks or months before that.

"computer has become slower"

Maybe some part of the infection is still lurking. Please do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

>>> "Why keep files in quarantine anyway?" <<<
So you can find out what they were called and identify if they were genuine files infected or overwritten by the virus, and thus figure out if you will probably have to reinstall the program or application that installed those files originally.

Personally I would try and view the activity logfile that the antivirus scan should have created. This should tell you what files it quarantined, and you then flushed from quarantine. That way you will be able to determine, either by asking here or by searching google.com, if they WERE Windows XP system files or not.

If they were, then (as suggested by Merete)
SFC /SCANNOW
can be used to check for and restore the missing files from your Windows XP CD.

I can't really find much info about "Lop.A" through google, but I found the following page in which a user states that the files for Lop.A, Lop.B, etc were found during a scan in the
System Volume Information\ _ restore {B762F5BE-1DF...
folder.http://forum.grisoft.cz/freeforum/read.php?4,68107,68109

That's obviously an incomplete folder path, but the mention of "restore" worries me. I think that you should TURN OFF System Restore and then scan your system several times using HiJack This!, Adaware, and your AntiVirus software again to eradicate any remnants that might be automatically restored again after removal.

The problem with this is that all the existing restore points will be deleted if you say Yes when prompted.Click Yes to do this. Unfortunately that's probably going to be the sacrifice you will have to make. Perhaps you might want to try other tactics first, and use that as a last resort.

Turn off System Restore:
Start Menu > Right-click on "My Computer" > Click "Properties".
Open the System Restore tab > Tick the box "Turn off System Restore" or "Turn off System Restore on all drives".
Click "Apply" and reboot.

run trend micro housecalls and see it can find this malware/ if it can after this online scan, it will provide a repair guide and maybe even a patch.
But at least you will know if there is any varients

midan
there is also a diag at start run type in dxdiag press enter run the audio tests. It may find some errors that can help you. Have you tried new drivers for your sound card and installed compatible windowsxp? Upgrade to xpsp2.
also reduce the wav mid vol.

Your computer should have come with a mainboard cd on this cd is all the default drivers for your computer.

What devices are you listening thru>> media players? What CD'S?? On the HDD? Are these recorded by you and is teh sound too loud?
Check your speakers are plugged in properly, try another set of speakers.

Windows XP Tips
Crackling Sound With Soundblaster Cards
This seems like a strange problem with Windows XP. Some users are noticing scratchy, popping sound with their SoundBlaster cards and Windows XP. I have come to the conclusion that this is happening the most often on PC's that contain RAID setups such as a Highpoint controller. The main fix I have come across is to install Raid drivers OTHER than those that shipped with Windows XP. For instance on my Raid setup, I went back to a older Windows 2000 driver and this has almost completely stopped my sound problems.

I like the idea of the sound test. Running dxdiag I got the following message for the sound test- DirectSound test result:failure at step 19(User verification of software):HRESULT = 0x00000000 (error code).

I also ran the trend micro housecall which was very useful in picking up malware that was not previously detected. I think it deleted the malware and the computer seems to be running better but the problem is still there with the sound. It happens whichever player I use.

It is not digitally signed, which means that it has not been tested by Microsoft's Windows Hardware Quality Labs (WHQL). You may be able to get a WHQL logo'd driver from the hardware manufacturer. DirectSound test results: Failure at step 19 (User verification of software): HRESULT = 0x00000000 (error code)
Uninstall your audio drivers from safemode if possible, use your mainboard cd to install the correct drivers then update them.
Run the dxdiag again.
Runa scan for corrupt files later.
rebooting helps to flush the cache and reset things.
Midan it always pays to run several malware scanners what one misses another finds, hackers discovered this idea so by writing a virus then a sub virus incase one was picked the other missed tricky buggars they are.
Good luck your gettin there.
Merete :)

Could you please tell us whether you are using some kind of external sound device connected by USB or some similar arrangement. I would expect the laptop to have an integrated sound chip on the motherboard, but if this hasn't been disabled in the CMOS Setup then it could cause problems.

The DirectX error message tends to point to audio driver mismatches or conflicts, and I go along with Merete in suggesting that you reinstall all motherboard chipset drivers and the soundcard driver. In particular, I would also ensure that the driver for the soundcard is one stated to be a WHQL (Windows Hardware Quality Labs) version.

Sorry Merete. I was multitasking there and didn't reload the page before posting.

Actually, I was setting up a funny "adult" OEMLOGO.BMP and OEMINFO.INI on someone else's computer to make them fall off their seat with shock and laughter the next time they open System Properties. It was a photo of that person doing something stupid while on holiday :-)

Sorry guys but what is the best way to uninstall the sound drivers. There are various choices like audio codecs, legacy audio drivers etc which when you right click on show 'update driver' but no 'uninstall'.

there should be a 'roll back drivers' button in the audio hardware properties page. If you go to device manager and right click the audio device (sound card) and click uninstall, this should delete any drivers associated with it. Press F5 to refresh the list and you should be asked to reinstall the drivers

I am not sure if I have uninstalled the sound drivers. The only sound hardware with the uninstall option is Realtek high definition audio. I did uninstall it and reinstalled it. No change in the sound. No I do not have external speakers.

I have just installed the Real Player program which wasn't in the computer before. Playing the audio files with the Real Player I still get distorted sounds.

In the Windows XP OEM Setup (booting from your XP CD), don't press 'R' the first time you have the option to (for the Recovery Console), but press it the second time (for Repair Windows).

Windows will delete all system files and then continue to install XP as normal. All your documents and programs will still be intact when finished. Only a few programs might need to be reinstalled. (eg, I had to reinstall my Virtual CD software so that it would re-create my Virtual CD/DVD drive). You probably won't need to reinstall amything else besides any Service Packs you have installed (unless you have a slipstreamed XP SP 1/2 disc)

NOTE : At this point make sure you dont have any Warning symbols next to the hardware in device manager

Right click your Audio device and choose "Update Driver"

Another way to check for updates on your computer is on the windows update site, check there for any security and driver updates> You'll need to goto the Custom Section for optional driver downloads for your sound card.

Hello Miden
as you say here>>I can let you know that all the sound files are >> affected including the Windows start up sound<< if your windows default sounds are corrupted run a scan for corrupted files
at start run type in cmd press enter then type in sfc /scannow you will need your xp cd.
if you get any messages during the scan eject the cd and and close it again, teh sfc should continue.
Once the windows audio files are gone awol all your sounds will be no good.

If you have already tried re-installing the drivers off your mainboard then the only option is to fix the windows audio sfc will do that.
Real Player is pretty intensive uninstall it for now.
Try using winamp instead.

I'm not sure how much further I can go with this. I am now getting a message on start up which reads as follows:SMART failure predicted on hard disk 0: Hitachi-DK23FA-60-(PM).
WARNING Immediately back up your data and replace your hard disk drive. A failure may be imminent. Prss F1 to continue.

well it is time for you to take out that hdd and slave it to another pc, just use their cdrom,pull out its two cables/ide and power/ look on the rear of your hdd see the pin move it to slave, there is a diagram ontop/now plug inthe ide cable and white power plug into the rear of your hdd, they fit perfectly, just make sure to unpower pull out the power so that the bios does not know.
Then power in again and boot, its a little slower but once the desktop loads soon you'll see found new hardware, then you are still safe enough to save off your files.
open outlook express tools >options>maintinence>store folder change> direct it to a new folder name it your emails backup
then ok, close outlook and open all your emails will now move to this folder. You canuse this to import them back exzctly as is.
Now in tools again accounts properties >highlight your account>look to the right and see export> click on export to the same folder as your emails, once your back up and running you can import your mail account again.

FYI on your HDD:
In an effort to help users avoid data loss, drive manufacturers are now incorporating logic into their drives that acts as an "early warning system" for pending drive problems. This system is called Self-Monitoring Analysis and Reporting Technology or SMART. The hard disk's integrated controller works with various sensors to monitor various aspects of the drive's performance, determines from this information if the drive is behaving normally or not, and makes available status information to software that probes the drive and look at it.http://www.pcguide.com/ref/hdd/perf/qual/featuresSMART-c.html

I think it would be a very good idea to take heed of that warning and back up any data that you cannot easily restore from another source again eg. your emails, user-created images, documents, etc, favorites, address book, and so on.

If you need advice on where to find your data and how to back it up, then just ask.

After you have done that, and verified that the medium you copied the data onto has stored it properly, I think you should run the hard drive diagnostics utility created specifically to test your hitachi hard drive.

IF your drive model is being correctly reported by that message, then you would appear to have a 60 GB Hitachi Ultrastar Legacy Notebook Hard Drive:http://www.hitachigst.com/hdd/support/dk/table.html#dk23xx
The exact DK23FA model isn't listed, but I checked it out to ensure that the downloadable "Drive Fitness Test" utility was compatible with your hard drive:

*** WARNING ***
Stick ONLY to the processes that analyse and test the hard drive, eg. Drive Fitness Test, SMART Operations, and Drive Info. These should not damage data on the hard drive.

The other utilities on the drive WILL destroy your data, eg. The Low Level Format will wipe everything off the drive, and you will have to repartition it from scratch again. Similarly, the "Erase Bootsector utility" is intended for radical purposes like getting rid of boot sector viruses, etc.

Just for your info, S.M.A.R.T. is predictive monitoring based on previous and ongoing logging of various aspects of the hard drive. If it THINKS that the drive's performance is beginning to go downhill, for instance it is hunting more or taking longer to spin up, then it will warn you. It isn't always correct, but you can't take that risk.http://en.wikipedia.org/wiki/Self-Monitoring,_Analysis_and_Reporting_Technology

One utility that allows you to see details of SMAERT monitored activity is Everest. There was a FREE utility named AIDA32 which was created and continually updated by a Hungarian guy named Tamás Miklós up until 2004 when he was taken on in a senior role by a Canadian company named Lavalys (http://www.aida32.hu/). AIDA32 was then modified, but continued as a freeware product known as "Everest Home Edition" until 1st December this year when they decided to ditch the free version in favour of retail only versions.http://www.lavalys.com/news.php?article=31&selcat=PR&lang=en

Once you have Everest running, open the "Storage" section, and then the "SMART" sub-section to see the logged performance.

If the problems are mechanical, then you are as well throwing the drive in the trash. If problems are to do with degrading magnetic properties of the disk's platters, then you can sometimes breathe a new lease of life into it by doing a low level format, then repartitioning and formatting the drive. It's hard to know if it is mechanical or magnetic though, and low-level formats take a long time and aren't absolutely guaranteed success.

That's a good explanation in that link of yours Merete. I've been avoiding giving links to the pcguide.com pages recently because I found that the pages have been coming up blank but with the mottled grey background showing. That one comes up OK though. Must be my browser, or maybe the site was being maintained at the times I've tried.

Sorry if my comment seemed to repeat what you said, but almost an hour later. I was trying to find that Hitachi model number, and then went for a coffee before posting my comment. Isn't it marvellous when two great minds think in parallel like that ;-)

I feel that I should emphasise that my discussion about Low Level Formatting is NOT something you should try UNLESS you are about to throw the drive in the trash can. It's an absolute LAST resort. In fact, most utilities that purport to do a LLF on a hard drive are actually doing a zero-fill instead. This isn't quite as radical as a proper LLF performed in hard drive assembling labs, but is still not something to try unless as a last resort. The "Erase Disk" utility on the bootable floppy/CD from the Hitachi download is NOT a true LLF - it just zero-fills ALL sectors, including the boot sector with total data loss.

Occasionally Windows/Microsoft Updates will fail to update. We have found a code that will delete all temporary files and re-register all dll's related to Windows/Microsoft Updates! This works 99% of the time to get the updates working again!
The…

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …